package se.swedenconnect.opensaml.xmlsec.keyinfo;

import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.utilities.java.support.xml.XMLParserException;
import org.opensaml.core.xml.XMLRuntimeException;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.core.xml.io.MarshallingException;
import org.opensaml.core.xml.io.UnmarshallingException;
import org.opensaml.core.xml.util.XMLObjectSupport;
import org.opensaml.security.SecurityException;
import org.opensaml.security.credential.Credential;
import org.opensaml.xmlsec.encryption.AgreementMethod;
import org.opensaml.xmlsec.encryption.OriginatorKeyInfo;
import org.opensaml.xmlsec.encryption.RecipientKeyInfo;
import org.opensaml.xmlsec.keyinfo.KeyInfoGenerator;
import org.opensaml.xmlsec.keyinfo.KeyInfoSupport;
import org.opensaml.xmlsec.keyinfo.impl.X509KeyInfoGeneratorFactory;
import org.opensaml.xmlsec.signature.KeyInfo;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import se.swedenconnect.opensaml.security.credential.KeyAgreementCredential;

/* loaded from: input_file:se/swedenconnect/opensaml/xmlsec/keyinfo/KeyAgreementKeyInfoGeneratorFactory.class */
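/**
 * Factory for {@link KeyInfoGenerator} instances that describe a key agreement, i.e. that emit a
 * {@code KeyInfo} holding a single {@code AgreementMethod} element with the originator's
 * (sender-generated) public key and the recipient's key information.
 *
 * <p>This listing is decompiler (JADX) output: {@code m14clone} and {@code m12newOptions} are the
 * decompiler's renames of {@code clone} and {@code newOptions}, and {@code @Override} annotations
 * are not present.
 */
public class KeyAgreementKeyInfoGeneratorFactory extends X509KeyInfoGeneratorFactory {
    private final Logger log = LoggerFactory.getLogger(KeyAgreementKeyInfoGeneratorFactory.class);

    /**
     * X.509 options extended with two flags that control how the originator's public key is
     * written into {@code OriginatorKeyInfo}.
     */
    public class ExtendedX509Options extends X509KeyInfoGeneratorFactory.X509Options {
        // Emit the originator public key through ExtendedKeyInfoSupport.addPublicKey.
        private boolean emitOriginatorKeyInfoPublicKeyValue;
        // Emit the originator public key through KeyInfoSupport.addDEREncodedPublicKey.
        private boolean emitOriginatorKeyInfoPublicDEREncodedKeyValue;

        protected ExtendedX509Options() {
            super(KeyAgreementKeyInfoGeneratorFactory.this);
        }

        /**
         * Copies these options, including the two originator flags.
         *
         * <p>Renamed by JADX from {@code clone} (merged with its bridge method); the decompiler
         * also widened the access modifier from {@code protected}.
         *
         * @return the copy
         */
        public X509KeyInfoGeneratorFactory.X509Options m14clone() {
            ExtendedX509Options copy = (ExtendedX509Options) super.clone();
            copy.emitOriginatorKeyInfoPublicKeyValue = this.emitOriginatorKeyInfoPublicKeyValue;
            copy.emitOriginatorKeyInfoPublicDEREncodedKeyValue = this.emitOriginatorKeyInfoPublicDEREncodedKeyValue;
            return copy;
        }
    }

    /**
     * Generator that turns a {@link KeyAgreementCredential} into a {@code KeyInfo} wrapping an
     * {@code AgreementMethod}.
     */
    public class KeyAgreementKeyInfoGenerator extends X509KeyInfoGeneratorFactory.X509KeyInfoGenerator {
        private final Logger log;

        protected KeyAgreementKeyInfoGenerator(X509KeyInfoGeneratorFactory.X509Options x509Options) {
            super(KeyAgreementKeyInfoGeneratorFactory.this, x509Options);
            this.log = LoggerFactory.getLogger(KeyAgreementKeyInfoGenerator.class);
        }

        /**
         * Builds the {@code KeyInfo} for a key agreement credential.
         *
         * @param credential the credential; anything other than a {@link KeyAgreementCredential}
         *        is rejected with a warning
         * @return the {@code KeyInfo} holding one {@code AgreementMethod}, or {@code null} if the
         *         credential is {@code null} or of the wrong type
         * @throws SecurityException if the originator key cannot be DER-encoded, or if no
         *         {@code KeyInfo} could be generated for the peer credential
         */
        @Nullable
        public KeyInfo generate(@Nullable Credential credential) throws SecurityException {
            if (credential == null) {
                this.log.warn("KeyAgreementKeyInfoGenerator was passed a null credential");
                return null;
            }
            if (!(credential instanceof KeyAgreementCredential)) {
                this.log.warn("KeyAgreementKeyInfoGenerator was passed a credential that was not an instance of KeyAgreementCredential: {}", credential.getClass().getName());
                return null;
            }
            KeyAgreementCredential keyAgreementCredential = (KeyAgreementCredential) credential;

            AgreementMethod agreementMethod = (AgreementMethod) XMLObjectSupport.buildXMLObject(AgreementMethod.DEFAULT_ELEMENT_NAME);
            agreementMethod.setAlgorithm(keyAgreementCredential.getAgreementMethodAlgorithm());
            agreementMethod.getUnknownXMLObjects().add(keyAgreementCredential.getKeyDerivationMethod());

            OriginatorKeyInfo originatorKeyInfo = (OriginatorKeyInfo) XMLObjectSupport.buildXMLObject(OriginatorKeyInfo.DEFAULT_ELEMENT_NAME);
            processSenderPublicKey(originatorKeyInfo, keyAgreementCredential);
            agreementMethod.setOriginatorKeyInfo(originatorKeyInfo);

            // The inherited generate() is @Nullable. Fail with a descriptive SecurityException
            // instead of letting a null reach XMLObjectSupport.marshall() in
            // cloneToRecipientKeyInfo(), where it would surface as an opaque runtime failure.
            KeyInfo peerKeyInfo = super.generate(keyAgreementCredential.getPeerCredential());
            if (peerKeyInfo == null) {
                throw new SecurityException("Cannot build RecipientKeyInfo, no KeyInfo could be generated for the peer credential");
            }
            agreementMethod.setRecipientKeyInfo(cloneToRecipientKeyInfo(peerKeyInfo));

            KeyInfo keyInfo = (KeyInfo) XMLObjectSupport.buildXMLObject(KeyInfo.DEFAULT_ELEMENT_NAME);
            keyInfo.getAgreementMethods().add(agreementMethod);
            return keyInfo;
        }

        /**
         * Converts a {@code KeyInfo} into a {@code RecipientKeyInfo} with the same content by
         * marshalling it, renaming the root element of an imported copy, and unmarshalling.
         *
         * @param keyInfo the object to convert
         * @return the resulting {@code RecipientKeyInfo}, with its cached DOM released
         * @throws XMLRuntimeException if marshalling, document creation or unmarshalling fails
         */
        protected RecipientKeyInfo cloneToRecipientKeyInfo(KeyInfo keyInfo) {
            try {
                Element marshalled = XMLObjectSupport.marshall(keyInfo);
                // Work on a deep copy in a fresh document so the rename does not touch the
                // DOM cached on the source object.
                Document document = XMLObjectProviderRegistrySupport.getParserPool().newDocument();
                document.appendChild((Element) document.importNode(marshalled, true));
                String qualifiedName = RecipientKeyInfo.DEFAULT_ELEMENT_NAME.getPrefix() + ":" + RecipientKeyInfo.DEFAULT_ELEMENT_NAME.getLocalPart();
                document.renameNode(document.getDocumentElement(), RecipientKeyInfo.DEFAULT_ELEMENT_NAME.getNamespaceURI(), qualifiedName);
                RecipientKeyInfo recipientKeyInfo = (RecipientKeyInfo) XMLObjectSupport.getUnmarshaller(RecipientKeyInfo.DEFAULT_ELEMENT_NAME).unmarshall(document.getDocumentElement());
                recipientKeyInfo.releaseDOM();
                return recipientKeyInfo;
            } catch (MarshallingException | XMLParserException | UnmarshallingException e) {
                throw new XMLRuntimeException("Failed to clone KeyInfo into RecipientKeyInfo", e);
            }
        }

        /**
         * Adds the credential's public key to {@code keyInfo} in the forms enabled on the factory.
         *
         * @param keyInfo the element to add to
         * @param credential the credential whose public key is emitted; nothing is added when it
         *        has no public key
         * @throws SecurityException if the key cannot be DER-encoded
         */
        protected void processPublicKey(KeyInfo keyInfo, Credential credential) throws SecurityException {
            if (credential.getPublicKey() == null) {
                return;
            }
            if (KeyAgreementKeyInfoGeneratorFactory.this.emitPublicKeyValue()) {
                ExtendedKeyInfoSupport.addPublicKey(keyInfo, credential.getPublicKey());
            }
            if (KeyAgreementKeyInfoGeneratorFactory.this.emitPublicDEREncodedKeyValue()) {
                try {
                    KeyInfoSupport.addDEREncodedPublicKey(keyInfo, credential.getPublicKey());
                } catch (NoSuchAlgorithmException e) {
                    throw new SecurityException("Cannot DER-encode key, unsupported key algorithm", e);
                } catch (InvalidKeySpecException e) {
                    throw new SecurityException("Cannot DER-encode key, invalid key specification", e);
                }
            }
        }

        /**
         * Adds the sender-generated public key to {@code originatorKeyInfo} in the forms enabled
         * on the factory.
         *
         * <p>NOTE(review): the flags are read from the enclosing factory at call time, not from
         * the options copy handed to this generator's constructor, so a later change on the
         * factory also affects generators that were created earlier.
         *
         * @param originatorKeyInfo the element to add to
         * @param keyAgreementCredential the credential holding the sender-generated key; nothing
         *        is added when that key is {@code null}
         * @throws SecurityException if the key cannot be DER-encoded
         */
        protected void processSenderPublicKey(OriginatorKeyInfo originatorKeyInfo, KeyAgreementCredential keyAgreementCredential) throws SecurityException {
            if (keyAgreementCredential.getSenderGeneratedPublicKey() == null) {
                return;
            }
            if (KeyAgreementKeyInfoGeneratorFactory.this.emitOriginatorKeyInfoPublicKeyValue()) {
                ExtendedKeyInfoSupport.addPublicKey(originatorKeyInfo, keyAgreementCredential.getSenderGeneratedPublicKey());
            }
            if (KeyAgreementKeyInfoGeneratorFactory.this.emitOriginatorKeyInfoPublicDEREncodedKeyValue()) {
                try {
                    KeyInfoSupport.addDEREncodedPublicKey(originatorKeyInfo, keyAgreementCredential.getSenderGeneratedPublicKey());
                } catch (NoSuchAlgorithmException e) {
                    throw new SecurityException("Cannot DER-encode key, unsupported key algorithm", e);
                } catch (InvalidKeySpecException e) {
                    throw new SecurityException("Cannot DER-encode key, invalid key specification", e);
                }
            }
        }
    }

    /**
     * Tells whether this factory's generators accept the credential.
     *
     * @param credential the credential to test
     * @return {@code true} only for a {@link KeyAgreementCredential}
     */
    public boolean handles(@Nonnull Credential credential) {
        return credential instanceof KeyAgreementCredential;
    }

    /**
     * Returns the credential type handled by this factory.
     *
     * @return {@code KeyAgreementCredential.class}
     */
    public Class<? extends Credential> getCredentialType() {
        return KeyAgreementCredential.class;
    }

    /**
     * Creates a generator configured with a copy of the current options.
     *
     * <p>NOTE(review): when neither originator flag is set, this is only logged and a generator
     * is still returned; {@code processSenderPublicKey} then adds nothing, so the emitted
     * {@code OriginatorKeyInfo} carries no sender key. Consider rejecting the configuration
     * instead of logging if no caller depends on the lenient behaviour.
     *
     * @return a new generator
     */
    @Nonnull
    public KeyInfoGenerator newInstance() {
        // NOTE(review): unlike the accessors below, this cast is unguarded. It presumably relies
        // on the options having been created by this class's newOptions override - confirm.
        ExtendedX509Options options = (ExtendedX509Options) getOptions();
        if (!options.emitOriginatorKeyInfoPublicDEREncodedKeyValue && !options.emitOriginatorKeyInfoPublicKeyValue) {
            this.log.error("Bad configuration - emitOriginatorKeyInfoPublicDEREncodedKeyValue or emitOriginatorKeyInfoPublicKeyValue must be set");
        }
        return new KeyAgreementKeyInfoGenerator(options.m14clone());
    }

    /**
     * Tells whether the originator public key is emitted via
     * {@code ExtendedKeyInfoSupport.addPublicKey}.
     *
     * @return the flag, or {@code false} if the options are not {@link ExtendedX509Options}
     */
    public boolean emitOriginatorKeyInfoPublicKeyValue() {
        if (getOptions() instanceof ExtendedX509Options) {
            return ((ExtendedX509Options) getOptions()).emitOriginatorKeyInfoPublicKeyValue;
        }
        return false;
    }

    /**
     * Sets whether the originator public key is emitted via
     * {@code ExtendedKeyInfoSupport.addPublicKey}. The call is silently ignored if the options
     * are not {@link ExtendedX509Options}.
     *
     * @param z the new flag value
     */
    public void setEmitOriginatorKeyInfoPublicKeyValue(boolean z) {
        if (getOptions() instanceof ExtendedX509Options) {
            ((ExtendedX509Options) getOptions()).emitOriginatorKeyInfoPublicKeyValue = z;
        }
    }

    /**
     * Tells whether the originator public key is emitted in DER-encoded form.
     *
     * @return the flag, or {@code false} if the options are not {@link ExtendedX509Options}
     */
    public boolean emitOriginatorKeyInfoPublicDEREncodedKeyValue() {
        if (getOptions() instanceof ExtendedX509Options) {
            return ((ExtendedX509Options) getOptions()).emitOriginatorKeyInfoPublicDEREncodedKeyValue;
        }
        return false;
    }

    /**
     * Sets whether the originator public key is emitted in DER-encoded form. The call is
     * silently ignored if the options are not {@link ExtendedX509Options}.
     *
     * @param z the new flag value
     */
    public void setEmitOriginatorKeyInfoPublicDEREncodedKeyValue(boolean z) {
        if (getOptions() instanceof ExtendedX509Options) {
            ((ExtendedX509Options) getOptions()).emitOriginatorKeyInfoPublicDEREncodedKeyValue = z;
        }
    }

    /**
     * Creates the options object for this factory.
     *
     * <p>Renamed by JADX from {@code newOptions} (merged with its bridge method); the decompiler
     * also widened the access modifier from {@code protected}.
     *
     * @return a new {@link ExtendedX509Options}
     */
    public X509KeyInfoGeneratorFactory.X509Options m12newOptions() {
        return new ExtendedX509Options();
    }
}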
